Blog

Deciphering the importance of encryption

1st March 2018

The first ever USB drive was sold by IBM back in December 2000 and what was then an innovative, valued data storage solution, has now become a commodity product with billions of drives being sold every year.

They’re cheap, reliable, robust (due to having no moving parts) and easy to use… and lose! We take them for granted, use them, abuse them but what happens when we misplace them? The drive itself is quickly replaced but what about the data on the drive? Most likely you’ll have a master copy of the data on your PC so all is not lost, but what happens if the USB you ‘misplaced’ is found and your data accessed by an unauthorised user?

If the USB lost is encrypted, access will be denied and your files will remain secure, away from prying eyes. CORRECTION: Only if the USB is hardware encrypted will your data be protected.

If an unencrypted drive, or even a software encrypted drive, is lost or stolen, any data saved on the drive will be accessible to anyone who comes across the drive, which could be a competitor or identity thief.

You might think that password protecting valuable files will keep them safe, but think again. A professional will crack a password in minutes.

The only sure-fire way to keep sensitive data such as customer records, company accounts, business plans, photographs, HR files… safe on the move, and avoid a costly data breach, is to use a hardware encrypted device.

How does encryption work?

Encryption is the process of changing or transforming files according to a set of rules and algorithms into a format that cannot be read.

In days gone by encryption was linear and was as simple as each letter becoming the next letter in the alphabet e.g. a=b, b=c, c=d… so the word ‘ant’ encrypted would be ‘bou’. Technological advancements mean that simple linear encryption is now easy to hack, but on the flip side evolution has afforded us sophisticated non-linear encryption.

Encryption today is complex and best left to programmers and mathematicians to explain. Topline it involves a series of linked mathematical operations used in a block cipher, operating on a fixed-length group of bits with an unvarying transformation specified by a symmetric key… you were warned!

An encryption solution must conform to certain standards in order to claim to encrypt data, to be effective your chosen data security solution should perform AES (Advanced Encryption Standard), 256 bit encryption is the most secure.

An easy question that’s hard to answer

Encrypting your data will keep sensitive data safe BUT only if you choose the right encryption solution. As previously noted encryption can be implemented in software or in hardware so which should you choose?

The simple answer is hardware.

Software encryption solutions are typically cheaper, quicker, easier to implement but like any software application it can be hacked, which means your sensitive data is still at risk.

Password hacking viruses on your PC will target and perform multiple attacks on your data, trying relentlessly to crack your password until it finds the key that unlocks your data. Using complex passwords (numbers, upper and lower case letters, characters…) will make the task of hacking harder but will only delay, and not prevent, your data being accessed.

PIN and password gateways will lockdown data and prevent access once a password has been incorrectly entered a predefined number of times, however experienced hackers will bypass this barrier by simply locating and resetting the software counter so they can continue to attack your data.

Hardware encryption is the only option if you want to safeguard your data

With a hardware encrypted USB drive such as SafeToGo®, all the information relating to the encryption and decryption of the data, along with the access control counters, are implemented in a crypto module located inside the USB itself (not in a PC).

This clever crypto module will shut down the USB and keep any data stored on the drive safe in the event of unauthorised access attempts. Unlike a software based solution, hackers cannot run analysis utilities on the USB to locate and reset the control counters.

By shutting down the USB, a parallel attack, where data is copied and shared to multiple devices to increase the chances of unlocking the data, is also prevented.

In addition to being a GDPR* compliant solution for data on the move, SafeToGo is also SafeConsole® compatible, meaning all drives can be managed centrally regardless of their location.

Raspberry Pi

Cardwave are delighted to be recognised by the Raspberry Pi Foundation for being a valued partner and supplier. We have enjoyed a close business relationship with the foundation since the massively successful launch of the Raspberry Pi in early 2012. Cardwave works with memory distributor, Xel Electronics, who supply Samsung SD cards to Premier Farnell and RS Components, two of the companies authorised by the charity to supply the Raspberry Pi. We are pleased to work with the foundation again on this superb SD card offering. Visit website